Need Help to check DH_generate_key() functionality

Priyanka C Priyanka.C at mediatek.com
Fri Sep 16 11:57:30 UTC 2022


Dear OpenSSL Team,

While migrating to OpenSSL 3.0, we are facing an issue with the use of DH_generate_key(): dh->pub_key comes back NULL.
The logic used is given below; I have omitted the error handling code.


  *   The p and g buffers are of type unsigned char *.
  *   p_len is 128 and g_len is 1.

    DH *dh;
    dh = DH_new();
    dh->params.p = BN_bin2bn(p, p_len, NULL);
    dh->params.g = BN_bin2bn(g, g_len, NULL);
    DH_generate_key(dh);

I have checked the OpenSSL man pages (https://www.openssl.org/docs/manmaster/man3/DH_generate_key.html),
according to which DH_generate_key() expects dh to contain the shared parameters p and g only, but we are still not able to generate pub_key.

We tried the solutions given at the following links:
Approach 1:
https://github.com/openssl/openssl/issues/11108
Used DH_new_by_nid() instead of DH_new().

Approach 2:
We were skeptical about the values of p and g, so we tried setting valid values for p, q and g using DH_set0_pqg().

BIGNUM *a = BN_bin2bn(p, p_len, NULL);
BIGNUM *b = BN_bin2bn(g, g_len, NULL);
DH_set0_pqg(dh, a, NULL, b);

But this did not help, as this set function does not change the q value if NULL is passed.
We have no idea what a valid value for q would be that we can set.

Approach 3:
We are currently working on the solution given at this link, using EVP wrappers for DH key generation.
https://www.mail-archive.com/openssl-users@openssl.org/msg88906.html

Please help look into this and guide us with possible solutions.

Thanks,
Priyanka
